Managing User Roles

Group Admin—An end user with the privilege of adding users. This
user can use the Self-Service portal.

IS Admin

MSP Admin

Network Admin

Operator

Service End User—This user can only view and use the Self-Service
portal.

Storage Admin

System Admin

These user roles are system-defined and available by default. To determine whether a role is available in the system by default, check whether the Default Role column on the User Roles page is marked Yes.

As an administrator in the system, you can perform the following tasks
with user roles:

Create a new user role in the system, and create users with this
role.

While creating a new user role, you can specify if the role is that
of an administrator or an end user. For more information on creating a user
role, see Adding a User Role. For information on creating users for a role,
see Adding Users.

Modify existing user roles, including default roles, to change menu
settings and read/write permissions for users associated with that role.

The procedure to modify menu settings and permissions for a role is
the same as the procedure followed while adding a user role.

Adding a User Role

You can create any number of user roles in Cisco UCS Director and define the menu settings for the users of each role.

Procedure

Step 1
On the menu bar, choose Administration > System.

Step 2
Click the User Roles tab.

Step 3
Click Add (+).

Step 4
In the Add User Role dialog box, complete the following fields:

Name | Description
User Role field | Name of the user role.
Role Type drop-down list | Choose the type of role that you are adding. It can be one of the following: Admin, End user.
Description field | The description of the role being added.

Step 5
Click Next.

Step 6
In the Menu Settings pane, choose the menu options that will be visible to users that are defined with this role.

Step 7
Click Next.

Step 8
In the User Permissions pane, choose the read or write permissions for various tasks for users that are created with this role.

Step 9
Click Submit.

What to Do Next

Create a user with this role type.

Managing User Types

As the system administrator, you have full privileges to manage Cisco UCS Director, including adding users, viewing users and user permissions, and modifying individual user read/write permissions for different system components.

Most users view and use the Administrative portal when they log in.

Default User Permissions

Each admin user has a set of permissions to access Cisco UCS Director. The types of user permissions are as follows:

Read—An admin user with Read permission has the ability to only read a file.

Write—An admin user with Write permission has the ability to read, write and modify a file. This permission grants the ability to modify, delete or rename files.

Read/Write—An admin with Read/Write permission has the ability to read and write a file.

All Policy Admin

The following table shows a list of operations that an All Policy admin can perform:

Operations | Permissions: Read | Permissions: Write
Virtual Computing | Yes | No
VM Label | No | Yes
Assign VM to vDC | No | Yes
Virtual Storage | Yes | No
Virtual Network | Yes | No
Physical Computing | Yes | Yes
Physical Storage | Yes | Yes
Physical Network | Yes | Yes
Group Service Request | No | No
Approver Service Request | No | No
Budgeting | Yes | No
Resource Accounting | Yes | No
Chargeback | Yes | No
System Admin | Yes | No
Users and Groups | Yes | No
Virtual Accounts | Yes | No
Catalogs | Yes | No
vDC | Yes | No
Computing Policy | No | Yes
Storage Policy | No | Yes
Network Policy | No | Yes
Deployment Policy | No | Yes
SLA Policy | No | Yes
Resource Limit Report | No | Yes
Group Users | Yes | No
Cloudsense Reports | Yes | No
Cloudsense Assessment Reports | Yes | No
Orchestration | Yes | No
Discovery | Yes | No
MSP | No | Yes
Open Automation Modules | No | No
Group Users | No | No
CS Shared Reports | No | No
CS Shared Assessments | No | No
Remote VM Access | No | No
Mobile Access Settings | No | No
End User Chargeback | No | No
Write Resource Accounting | No | No
Write Chargeback | No | Yes
UCSD Cluster | No | No

Billing Admin

The following table shows a list of operations that a Billing admin can perform:

Operation

Permission

Read

Write

Virtual Computing

VM Label

Assign VM to vDC

Virtual Storage

Virtual Network

Physical Computing

Physical Storage

Physical Network

Group Service Request

Yes

Approver Service Request

Budgeting

Yes

Yes

Resource Accounting

Yes

Chargeback

Yes

System Admin

Users and Groups

Virtual Accounts

Catalogs

vDC

Computing Policy

Storage Policy

Network Policy

Deployment Policy

SLA Policy

Resource Limit Report

Yes

Group Users

Cloudsense Reports

Yes

Yes

Cloudsense Assessment Reports

Orchestration

Discovery

Yes

MSP

Yes

Yes

Open Automation Modules

Group Users

CS Shared Reports

CS Shared Assessments

Remote VM Access

Mobile Access Settings

End User Chargeback

Write Resource Accounting

Yes

Write Chargeback

Yes

UCSD Cluster

Computing Admin

The following table shows a list of operations that a Computing admin can perform:

Operation | Permission: Read | Permission: Write
Virtual Computing | Yes | No
VM Label | No | Yes
Assign VM to vDC | No | No
Virtual Storage | Yes | No
Virtual Network | Yes | No
Physical Computing | Yes | Yes
Physical Storage | Yes | No
Physical Network | Yes | No
Group Service Request | Yes | No
Approver Service Request | Yes | Yes
Budgeting | Yes | No
Resource Accounting | Yes | No
Chargeback | Yes | No
System Admin | Yes | No
Users and Groups | Yes | No
Virtual Accounts | Yes | No
Catalogs | Yes | No
vDC | Yes | No
Computing Policy | Yes | Yes
Storage Policy | Yes | No
Network Policy | Yes | No
Deployment Policy | Yes | No
SLA Policy | Yes | No
Resource Limit Report | Yes | No
Group Users | Yes | No
Cloudsense Reports | Yes | No
Cloudsense Assessment Reports | Yes | No
Orchestration | Yes | No
Discovery | Yes | No
MSP | Yes | Yes
Open Automation Modules | No | No
Group Users | No | No
CS Shared Reports | No | No
CS Shared Assessments | No | No
Remote VM Access | No | No
Mobile Access Settings | No | No
End User Chargeback | No | No
Write Resource Accounting | No | No
Write Chargeback | No | No
UCSD Cluster | No | No

Group Admin

Task

Permission

Read

Write

Virtual Computing

Yes

VM Label

Yes

Assign VM to vDC

Virtual Storage

Virtual Network

Physical Computing

Physical Storage

Yes

Yes

Physical Network

Group Service Request

Yes

Yes

Approver Service Request

Yes

Yes

Budgeting

Resource Accounting

Chargeback

System Admin

Users and Groups

Virtual Accounts

Catalogs

Yes

vDC

Yes

Computing Policy

Yes

Yes

Storage Policy

Network Policy

Deployment Policy

SLA Policy

Resource Limit Report

Group Users

Cloudsense Reports

Yes

Cloudsense Assessment Reports

Orchestration

Discovery

MSP

Open Automation Modules

Group Users

CS Shared Reports

Yes

Yes

CS Shared Assessments

Yes

Yes

Remote VM Access

Mobile Access Settings

End User Chargeback

Yes

Write Resource Accounting

Write Chargeback

UCSD Cluster

IS Admin

Task | Permission: Read | Permission: Write
Virtual Computing | Yes | No
VM Label | No | Yes
Assign VM to vDC | No | Yes
Virtual Storage | Yes | No
Virtual Network | Yes | No
Physical Computing | Yes | No
Physical Storage | Yes | No
Physical Network | Yes | No
Group Service Request | Yes | No
Approver Service Request | No | No
Budgeting | Yes | No
Resource Accounting | Yes | No
Chargeback | Yes | No
System Admin | Yes | No
Users and Groups | Yes | No
Virtual Accounts | Yes | No
Catalogs | Yes | Yes
vDC | Yes | Yes
Computing Policy | Yes | No
Storage Policy | No | No
Network Policy | Yes | No
Deployment Policy | Yes | Yes
SLA Policy | Yes | Yes
Resource Limit Report | Yes | No
Group Users | Yes | No
Cloudsense Reports | Yes | No
Cloudsense Assessment Reports | Yes | No
Orchestration | No | Yes
Discovery | No | Yes
MSP | No | Yes
Open Automation Modules | No | No
Group Users | No | No
CS Shared Reports | No | No
CS Shared Assessments | No | No
Remote VM Access | No | No
Mobile Access Settings | No | No
End User Chargeback | No | No
Write Resource Accounting | No | No
Write Chargeback | No | No
UCSD Cluster | No | No

Network Admin

Task | Permission: Read | Permission: Write
Virtual Computing | Yes | No
VM Label | No | Yes
Assign VM to vDC | No | No
Virtual Storage | Yes | No
Virtual Network | Yes | No
Physical Computing | Yes | No
Physical Storage | Yes | No
Physical Network | Yes | Yes
Group Service Request | No | No
Approver Service Request | No | No
Budgeting | Yes | Yes
Resource Accounting | Yes | Yes
Chargeback | Yes | Yes
System Admin | No | No
Users and Groups | Yes | No
Virtual Accounts | Yes | No
Catalogs | Yes | No
vDC | Yes | No
Computing Policy | Yes | No
Storage Policy | Yes | No
Network Policy | Yes | Yes
Deployment Policy | Yes | No
SLA Policy | Yes | No
Resource Limit Report | Yes | No
Group Users | Yes | No
Cloudsense Reports | Yes | No
Cloudsense Assessment Reports | Yes | No
Orchestration | Yes | Yes
Discovery | Yes | Yes
MSP | Yes | Yes
Open Automation Modules | No | No
Group Users | No | No
CS Shared Reports | No | No
CS Shared Assessments | No | No
Remote VM Access | No | No
Mobile Access Settings | No | No
End User Chargeback | No | No
Write Resource Accounting | No | No
Write Chargeback | No | No
UCSD Cluster | No | No

Operator

Task | Permission: Read | Permission: Write
Virtual Computing | Yes | No
VM Label | No | Yes
Assign VM to vDC | No | Yes
Virtual Storage | Yes | No
Virtual Network | Yes | No
Physical Computing | Yes | No
Physical Storage | Yes | No
Physical Network | Yes | No
Group Service Request | No | No
Approver Service Request | No | No
Budgeting | Yes | No
Resource Accounting | Yes | No
Chargeback | Yes | No
System Admin | Yes | No
Users and Groups | Yes | No
Virtual Accounts | Yes | No
Catalogs | Yes | No
vDC | Yes | No
Computing Policy | Yes | No
Storage Policy | Yes | No
Network Policy | Yes | No
Deployment Policy | Yes | No
SLA Policy | Yes | No
Resource Limit Report | Yes | No
Group Users | Yes | No
Cloudsense Reports | Yes | No
Cloudsense Assessment Reports | Yes | No
Orchestration | No | No
Discovery | No | No
MSP | No | No
Open Automation Modules | No | No
Group Users | No | No
CS Shared Reports | No | No
CS Shared Assessments | No | No
Remote VM Access | No | No
Mobile Access Settings | No | No
End User Chargeback | No | No
Write Resource Accounting | No | No
Write Chargeback | No | No
UCSD Cluster | No | No

Service End User

Task

Permission

Read

Write

Virtual Computing

VM Label

Assign VM to vDC

Virtual Storage

Virtual Network

Physical Computing

Physical Storage

Physical Network

Group Service Request

Read

Approver Service Request

Read

Write

Budgeting

Resource Accounting

Chargeback

System Admin

Users and Groups

Virtual Accounts

Catalogs

vDC

Computing Policy

Storage Policy

Network Policy

Deployment Policy

SLA Policy

Resource Limit Report

Group Users

Cloudsense Reports

Cloudsense Assessment Reports

Orchestration

Discovery

MSP

Open Automation Modules

Group Users

CS Shared Reports

CS Shared Assessments

Remote VM Access

Mobile Access Settings

End User Chargeback

Read

Write Resource Accounting

Write Chargeback

UCSD Cluster

Storage Admin

Task

Permission

Read

Write

Virtual Computing

Yes

VM Label

Yes

Assign VM to vDC

Virtual Storage

Yes

Virtual Network

Yes

Physical Computing

Yes

Physical Storage

Yes

Physical Network

Yes

Group Service Request

Yes

Approver Service Request

Yes

Yes

Budgeting

Yes

Resource Accounting

Yes

Chargeback

Yes

System Admin

Yes

Users and Groups

Yes

Virtual Accounts

Yes

Catalogs

Yes

vDC

Yes

Computing Policy

Yes

Storage Policy

Yes

Network Policy

Yes

Deployment Policy

Yes

SLA Policy

Yes

Resource Limit Report

Yes

Group Users

Yes

Cloudsense Reports

Yes

Cloudsense Assessment Reports

Yes

Orchestration

Yes

Discovery

Yes

Yes

MSP

Yes

Yes

Open Automation Modules

Group Users

CS Shared Reports

CS Shared Assessments

Remote VM Access

Mobile Access Settings

End User Chargeback

Yes

Yes

Write Resource Accounting

Write Chargeback

UCSD Cluster

User Roles and Permissions

The following table shows a list of permissions that are mapped to each admin user type:

Permission

All Policy Admin

Billing Admin

Computing Admin

Group Admin

IS Admin

MSP Admin

Network Admin

Operator

Service End User

Storage Admin

Virtual Computing

Read

Read

Read

Write

Write

Read

Read

VM Label

Write

Write

Write

Write

Write

Write

Assign VM to vDC

Write

Write

Write

Virtual Storage

Read

Read

Read

Read

Read

Read

Virtual Network

Read

Read

Read

Read

Read

Read

Physical Computing

Read/Write

Read/Write

Read

Read

Read

Read

Physical Storage

Read/Write

Read

Read/Write

Read

Read

Read

Read

Physical Network

Read/Write

Read

Read

Read/Write

Read/Write

Read

Group Service Request

Read

Read/Write

Read

Read/Write

Read/Write

Read

Approver Service Request

Read

Read/Write

Read/Write

Read/Write

Read

Read/Write

Budgeting

Read

Read/Write

Read

Read

Read/Write

Read/Write

Read

Read

Resource Accounting

Read

Read

Read

Read

Read

Read

Read/Write

Read

Read

Chargeback

Read

Read

Read

Read

Read

Read

Read/Write

Read

Read

System Admin

Read

Read

Read

Read

Read

Read

Users and Groups

Read

Read

Read

Read

Read

Read

Virtual Accounts

Read

Read

Read

Read

Read

Read

Catalogs

Read

Read

Read

Read/Write

Read

Read

Read

Read

vDC

Read

Read

Read

Read/Write

Read

Read

Read

Computing Policy

Read/Write

Read/Write

Read/Write

Read

Read

Read

Read

Storage Policy

Read/Write

Read

Read

Read

Read

Network Policy

Read/Write

Read

Read

Read

Read

Deployment Policy

Read/Write

Read

Read/Write

Read

Read

Read

SLA Policy

Read/Write

Read

Read/Write

Read

Read

Read

Resource Limit Report

Read/Write

Read

Read

Read/Write

Read

Read

Read

Read

Read

Group Users

Read

Read

Write

Read

Read

Read

Read

Read

Cloudsense Reports

Read

Read/Write

Read

Read

Read

Read

Read

Read

Read

Cloudsense Assessment Reports

Read

Read

Orchestration

Read

Read

Read/Write

Read/Write

Discovery

Read

Read

Read

Read/Write

Read/Write

Read/Write

MSP

Read/Write

Read/Write

Read/Write

Read/Write

Read/Write

Read/Write

Read/Write

Open Automation Modules

Write

Group Users

Read

CS Shared Reports

Read/Write

Read

CS Shared Assessments

Read/Write

Remote VM Access

Mobile Access Settings

End User Chargeback

Read

Read

Read

Read

Write Resource Accounting

Write

Write Chargeback

Write

Write

UCSD Cluster

Creating a Group or Customer Organization

Procedure

Step 1
On the menu bar, choose Administration > Users and Groups.

Step 2
Click the User Groups tab.

Step 3
Click Add.

Step 4
In the Add Group dialog box, complete the following fields:

Field Name | Description
Name field | The name of the group or the customer organization.
Description field | The description of the group or the customer organization, if required.
Code field | A shorter name or code name for the group. This name is used in VM and hostname templates.
Cost Center field | (Optional) The cost center name or number if required. This name or number represents a cost center that a group is associated with. This name can be used in a VMware System policy for the VM naming convention. For more information about using a cost center for naming conventions, see Managing Policies.
Contact Email field | The email used to notify the group owner about the status of service requests and request approvals if necessary.
First Name field | The contact’s first name.
Last Name field | The contact’s last name.
Phone field | The contact’s phone number.
Address field | The contact’s address.
Group Share Policy drop-down list | Choose the group share policy for the users in this group. This drop-down list is populated only when you have created group share policies. For more information on creating this policy, see Creating a Group Share Policy.
Allow Resource Assignment To Users check box | If checked, the users of this group can have resources assigned to them and can own these resources. Also, these users can view resources belonging to the group. However, the resources among these users cannot be shared.

Step 5
Click Add.

What to Do Next

Repeat this procedure if you want to add more groups.

Password Policy

The password policy applies to all the users and is enforced when you add a user or change the password for all user types. This policy enables the following password constraints:

In the Resource Limit dialog box, check the Enable Resource Limits check box and complete the following fields:

Field Name | Description
Group display-only | The group name
Enable Resource Limits check box | Check the check box to enable the resource limits or uncheck the check box to disable the resource limits. If checked, the user is provided with the option to set resource limits for a group and all nonzero resource limits are applied.
Maximum Active VM Count | The maximum number of active VMs.
Maximum Total VM Count | The total number of VMs.
Provisioned vCPUs Limit | The maximum number of provisioned vCPUs.
Provisioned Memory (GB) Limit | The provisioned memory limit, in gigabytes.
Provisioned CPU (GHz) Limit | Provisioned CPU (GHz) Limit
Provisioned Disk (GB) Limit | The provisioned limit for disks, in gigabytes.
Reserved CPU (GHz) Limit | The reserved limit of CPUs, in gigahertz.
Reserved Memory (GB) Limit | The reserved memory limit, in gigabytes.
Maximum Snapshot (GB) Limit | The maximum limit for snapshots, in gigabytes.
Count CPU and Memory for Inactive VMs check box | Check the check box to include the group's inactive VM CPU or memory data in the computation of resource limits. Uncheck the check box to exclude inactive VM CPU or memory data from the computation of resource limits.

OS Resource Limits

Note
The configuration of OS resource limits and physical resource limits is not supported for public clouds.

CentOS | The maximum number of CentOS (Community Enterprise Operating System) servers.
Windows Server 2008 | The maximum number of Windows 2008 servers.
Windows 7 | The maximum number of Windows 7 machines.
Windows XP | The maximum number of Windows XP machines.
Red Hat | The maximum number of Red Hat machines.
Ubuntu | The maximum number of Ubuntu machines.
FreeBSD | The maximum number of FreeBSD machines.
Other Linux | The maximum number of other Linux OS.
Other | The maximum number of other OS.

Physical Resource Limits

Maximum Physical Server Count | The maximum number of servers.
Maximum Physical Server Memory (GB) | The maximum amount of server memory.
Maximum Physical Server CPU Count | The maximum number of server CPUs.
Maximum vFiler Count | The maximum number of vFilers.
Maximum Physical Storage Space (GB) | The maximum amount of storage space.

Step 5
Click Save.

Creating the Admin Profile

Procedure

Step 1
On the menu bar, choose Administration > Users and Groups.

Step 2
Choose the Login User tab.

Step 3
Click Add.

Step 4
In the Add User dialog box, complete the following fields:

Field Name | Description
User Type drop-down list | Choose the user type option as System Admin. The system administrator has full privileges.
Login Name | The login name. The default is admin.
Password | The admin password.
Confirm Password | The admin password that is entered again for confirmation.
User Contact Email | The administrator’s email address.
First Name | The administrator’s first name.
Last Name | The administrator’s last name.
Phone | The administrator’s phone number.
Address | The administrator’s address.

Step 5
Click Add.

Changing the Admin Password

Procedure

Step 1
On the menu bar, choose Administration > Users and Groups.

Step 2
In the Login Name column, choose admin.

Step 3
Click Change Password.

Step 4
In the Change Password dialog box, enter a new password for the admin user and confirm it.

Step 5
Click Save.

Adding Users

Before You Begin

Ensure you have created a group before you add a user to it.

Procedure

Step 1
On the menu bar, choose Administration > Users and Groups.

Step 2
Click the Login Users tab.

Step 3
Click Add (+).

Step 4
In the Add User dialog box, complete the following fields:

Field Name | Description
User Role drop-down list | Choose the role type for the user. Note: This drop-down list displays all the available user roles in Cisco UCS Director. In addition to the user roles available by default, you can create additional user roles. For more information on creating user roles, see Adding a User Role.
Login Name field | The login name.
Password field | The password. Note: If Lightweight Directory Access Protocol (LDAP) authentication is configured for the user, the password is validated only at the LDAP server, and not at the local server.
Confirm Password field | The password is entered again for confirmation.
User Contact Email field | The email address. Note: The email address is required to notify the group owner about the service request status and request approval.
First Name field | The first name.
Last Name field | The last name.
Phone field | The phone number of the user.
Address field | The postal address of the user.

Step 5
Click Add.

What to Do Next

After choosing a user from the main window and then clicking Manage Profiles, you can optionally assign multiple roles for that user.

Viewing Current Online Users

Procedure

Step 1
On the menu bar, choose Administration > Users and Groups.

Step 2
Choose the Current Online Users tab to view a list of online users. You can view the username, IP address, session start time, last data access, and client.

Multi-Role Access Profiles

A user can be assigned to more than one role, which is reflected in the system as a user access profile. For example, a user might log into Cisco UCS Director as a group administrator and an all-policy administrator, if both types of access are appropriate.

Access profiles also define the resources that can be viewed by a user. By default, one access profile is created when a user is created. By default, users can see their own resources and the resources of the group. Users can create profiles to view their own resources, or to view only resources shared by the group.

Changing Default Profile

Step 1
At the upper right of the window (to the left of logout), click the username.

Step 2
In the User Information window, choose the Access Profiles tab.

Step 3
Choose a user profile, and click Set as Default Profile.

Note
A profile can also be set as default while adding or editing a profile.

Authentication and LDAP Integration

You can configure a preference with or without a fallback choice for local authentication and a preference with a fallback for the LDAP. You can also configure a preference with no fallback for Verisign Identity Protection (VIP) authentication.

Name | Description
Local Authentication | Authentication is local only (Cisco UCS Director), and not through the LDAP server.
Local First, fallback to LDAP | Authentication is done first at the local server (Cisco UCS Director). If the user is unavailable at the local server, the LDAP server is checked.
LDAP First, fallback to Local | Authentication is done first at the LDAP server. If the user is unavailable at the LDAP server, the local server is checked (Cisco UCS Director).

If you selected Verisign Identity Protection, complete the following steps:

Click Browse to upload a VIP certificate. Locate and select the certificate, and click Upload.

Enter the Password.

Step 6
Click Save.
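
How the three preferences in the table above resolve a login, as an added example that is not Cisco UCS Director code. The credential stores, account names and passwords are constructed, and the model takes the table's wording literally: the second store is consulted only when the user is unavailable in the first. The shadowed_accounts function lists names held by both stores so that they can be reviewed.

```python
import hashlib
import hmac

LOCAL_ONLY = "Local Authentication"
LOCAL_FIRST = "Local First, fallback to LDAP"
LDAP_FIRST = "LDAP First, fallback to Local"

# Order in which each preference consults the two stores.
ORDER = {
    LOCAL_ONLY: ("local",),
    LOCAL_FIRST: ("local", "ldap"),
    LDAP_FIRST: ("ldap", "local"),
}


class CredentialStore:
    """Hypothetical stand-in for the local user database or an LDAP server."""

    def __init__(self, users):
        self._users = {u: self._derive(u, p) for u, p in users.items()}

    @staticmethod
    def _derive(user, password):
        # The username doubles as salt only because the sample data is constructed.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 1000)

    def names(self):
        return set(self._users)

    def has_user(self, user):
        return user in self._users

    def verify(self, user, password):
        return hmac.compare_digest(self._users[user], self._derive(user, password))


def authenticate(preference, user, password, stores):
    """Return (deciding_store, success) for one login attempt.

    Fallback happens only when the user is unavailable in the first store;
    a wrong password in the store that knows the user ends the attempt.
    """
    for source in ORDER[preference]:
        if stores[source].has_user(user):
            return source, stores[source].verify(user, password)
    return None, False


def shadowed_accounts(preference, stores):
    """Names present in both stores, mapped to the store that decides the login."""
    both = stores["local"].names() & stores["ldap"].names()
    return {name: ORDER[preference][0] for name in sorted(both)}


def sample_stores():
    """Constructed accounts: jdoe exists in both stores with different passwords."""
    return {
        "local": CredentialStore({"admin": "local-admin-pw", "jdoe": "stale-local-pw"}),
        "ldap": CredentialStore({"jdoe": "directory-pw", "asmith": "directory-pw-2"}),
    }


if __name__ == "__main__":
    stores = sample_stores()
    for pref in (LOCAL_ONLY, LOCAL_FIRST, LDAP_FIRST):
        print(pref, "->", authenticate(pref, "jdoe", "directory-pw", stores),
              "shadowed:", shadowed_accounts(pref, stores))
```

Under either fallback preference, an account that exists in both stores is decided by whichever store is consulted first, so such accounts are worth listing and reconciling when the preference is changed.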

LDAP Integration

You can use LDAP integration to synchronize the LDAP server’s groups and users with Cisco UCS Director. LDAP authentication enables synchronized users to authenticate with the LDAP server. You can synchronize LDAP users and groups automatically or manually. In addition, LDAP synchronization is also available as a system task. When new organizational units (OU) are added in the LDAP directory, and a synchronization process is run, either manually or automatically, the recently added LDAP users and groups are displayed in Cisco UCS Director.

Note
Users that do not belong to a group or a domain user’s group display in LDAP as Users with No Group. These users are added under the domain user’s group in Cisco UCS Director.

You cannot choose users and groups that exist locally or are synchronized externally in Cisco UCS Director.

LDAP Integration Rules and Limitations

If a chosen LDAP group already exists in Cisco UCS Director and the source is type Local, the group is ignored during synchronization.

If a chosen LDAP group already exists in Cisco UCS Director and the group source is type External, the group’s description and email attributes are updated in Cisco UCS Director.

A maximum of 1000 users (subject to availability) are displayed for selection in manual search when you use the advanced search option. This option is available by clicking Request Manual LDAP Sync.

User Synchronization Rules

If a chosen LDAP user already exists in Cisco UCS Director and the source is type Local, the user is ignored during synchronization.

If a chosen LDAP user already exists in Cisco UCS Director and the source type is External, the user’s name, description, email, and other attributes are updated for use.

If a user account is created in two different LDAP directories, then the user details of the LDAP directory that was synchronized first are displayed. The user details from the other LDAP directory are not displayed.

After LDAP directories are synchronized, the LDAP external users must log in to Cisco UCS Director by specifying the complete domain name along with the user name. For example, vxedomain.cisco.com\username.

User Synchronization Limitations

If a user has multiple group memberships, that user has a single group membership in Cisco UCS Director.

Note
Be sure that the user is assigned to the correct group after the LDAP synchronization process.
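
The user synchronization rules and limitations above, modelled as an added example (not Cisco UCS Director code). It replays two constructed directory syncs and reports which entries were ignored because a Local account already holds the name, which were shadowed by the directory synchronized first, and which need a group review. Keeping the first listed group is an assumption, since the page does not say which membership survives.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    name: str
    source: str            # "Local" or "External", the two source types named above
    email: str = ""
    group: str = ""
    directory: str = ""    # LDAP directory that first supplied an External account


@dataclass
class SyncReport:
    created: list = field(default_factory=list)
    updated: list = field(default_factory=list)
    ignored_local: list = field(default_factory=list)      # Local account keeps the name
    ignored_duplicate: list = field(default_factory=list)  # first-synchronized directory wins
    group_review: list = field(default_factory=list)       # multiple memberships collapsed


def sync_users(existing, directory, ldap_entries):
    """Apply the documented rules for one synchronization run.

    existing     -- dict of name -> Account, updated in place
    directory    -- label of the LDAP directory being synchronized
    ldap_entries -- list of dicts with "name", "email", "groups"
    """
    report = SyncReport()
    for entry in ldap_entries:
        name, groups = entry["name"], entry.get("groups", [])
        current = existing.get(name)

        # Rule: an existing user whose source is Local is ignored.
        if current is not None and current.source == "Local":
            report.ignored_local.append(name)
            continue
        # Rule: details from the directory synchronized first stay in place.
        if current is not None and current.directory != directory:
            report.ignored_duplicate.append(name)
            continue

        # Limitation: several LDAP memberships become a single group.
        # ASSUMPTION: the first listed group is kept; the user is flagged for review.
        group = groups[0] if groups else ""
        if len(groups) > 1:
            report.group_review.append(name)

        if current is None:
            existing[name] = Account(name, "External", entry.get("email", ""),
                                     group, directory)
            report.created.append(name)
        else:
            # Rule: an existing External user has its attributes refreshed.
            current.email = entry.get("email", current.email)
            current.group = group
            report.updated.append(name)
    return report


def run_demo():
    """Replay two constructed syncs; every name and address here is made up."""
    existing = {
        "admin": Account("admin", "Local", "admin@example.test", "Default Group"),
        "jdoe": Account("jdoe", "External", "old@example.test", "ops", "dir-a"),
    }
    dir_a = [
        {"name": "admin", "email": "it-admin@example.test", "groups": ["it"]},
        {"name": "jdoe", "email": "jdoe@example.test", "groups": ["ops", "dba"]},
        {"name": "asmith", "email": "asmith@a.example.test", "groups": ["dev"]},
    ]
    dir_b = [
        {"name": "asmith", "email": "asmith@b.example.test", "groups": ["finance"]},
        {"name": "bwong", "email": "bwong@b.example.test", "groups": ["net"]},
    ]
    report_a = sync_users(existing, "dir-a", dir_a)
    report_b = sync_users(existing, "dir-b", dir_b)
    return existing, report_a, report_b


if __name__ == "__main__":
    accounts, first, second = run_demo()
    for label, rep in (("dir-a", first), ("dir-b", second)):
        print(label, rep)
```

The ignored_local, ignored_duplicate and group_review lists are the entries to check by hand after a sync, which is what the note above asks for.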

Managing LDAP Integration

Procedure

Step 1
On the menu bar, choose Administration > Users and Groups.

Step 2
Click the LDAP Integration tab to view the status of LDAP server synchronization.

Step 3
(Optional) Choose a server and click the following buttons, as needed, to manage LDAP integration.

Name | Description
Search BaseDN button | Enables you to choose a distinguished domain name to search. All users and groups from the chosen organization units are fetched into Cisco UCS Director when the LDAP synchronization process is completed. This action is also considered to be an automatic synchronization process.

All organization units (OU) that are available in Cisco UCS Director are displayed in this list.

Step 7
Click Submit.

What to Do Next

If you have not set the authentication preference to LDAP, then you are prompted to modify the authentication preference. For more information on changing the authentication preference, see Configuring Authentication Preferences.

(Optional) Click Manage Task to enable or disable the synchronization process.

What to Do Next

The results of the synchronization process are displayed in Cisco UCS Director. Select an LDAP account on the LDAP Integration pane, and click Results to view the summary of the synchronization process.

Modifying LDAP Server Details

You can only modify the following details for a configured LDAP server:

Port numbers and SSL configuration

User name and password

Search BaseDN selections

Procedure

Step 1
On the menu bar, choose Administration > Users and Groups.

Step 2
Click the LDAP Integration tab and select an LDAP account.

Step 3
Click Modify.

Step 4
In the Modify LDAP Server Configuration pane, edit the following fields:

Name | Description
Enable SSL check box | Enables a secure connection to the LDAP server.
Port field | The port number. It is automatically set to 636 for SSL, and 389 for non-secure mode.
User Name field | The user name. If you selected OpenLDAP as the LDAP Directory Type, then specify the user names in the following format: uid=users,ou=People,dc=ucsd,dc=com where the ou specified is the one in which all the other users are placed in the directory hierarchy.
Password field | The user password.
Modify Existing Users and Groups check box | Check the check box if you want to enable modification of existing users and groups.

Deleting LDAP Server Information

Deleting an LDAP server account only results in deleting the search criteria, BaseDNs, and system entries related to this LDAP server. Users and groups attached to the LDAP server are not deleted.

Procedure

Step 1
On the menu bar, choose Administration > Users and Groups.

Step 2
Choose the LDAP Integration tab.

Step 3
Choose an LDAP account name from the table.

Step 4
Click Delete.

Step 5
In the confirmation dialog box, click Delete.

Step 6
Click OK.

This initiates the deletion of the LDAP account in Cisco UCS Director. Based on the number of users and groups in the LDAP account, this deletion process could take a few minutes to complete. During such time, the LDAP account may still be visible in Cisco UCS Director. Click Refresh to ensure that the account has been deleted.

Single Sign On

Cisco UCS Director provides a single sign-on using One Login. Single sign-on prevents a user from having to enter a password multiple times to access the application. When Single Login is enabled, a user can log into that portal to access Cisco UCS Director.

Note

A single sign-on is available for Cisco UCS Director after you register a One Login certificate.

Enabling a Single Sign-On

In the Single Sign-On pane, click the Enable Single Sign-On check box.

Step 4
In the Select a File for Upload field, browse to the One Login certificate file and choose it.

Step 5
Click Upload.

Step 6
When the upload is complete, click Submit.

Branding Groups and Customer Organizations

Procedure

Step 1
On the menu bar, choose Administration > Users and Groups.

Step 2
Choose the User Group tab.

Step 3
Choose the group to brand.

Step 4
Click Branding.

Step 5
In the Group Branding dialog box, complete the following fields:

Field Names | Description
Logo image check box | Check the check box to upload a logo image. Continue to Step 6.
Application Labels check box | Check the check box to customize an application label to appear in the application header. Continue to Step 8.
URL Forwarding on Logout check box | Check the check box to forward to a specific URL upon logout. Continue to Step 9.
Custom Links check box | Check the check box to brand custom links. Continue to Step 10.

Step 6
In the Select a File for Upload field, browse to the logo image file and choose it.

Note
Make sure that the logo image is in PNG, JPG, or GIF format. The optimal image size is 200 pixels in width and 100 pixels in height. We recommend that you use a small file size to enable faster download.

(Optional) In the URL field, enter the URL to direct the user to upon logout.

Step 10
(Optional) Complete at least the first two fields.

Name | Description
Custom Link 1 Label field | The label for custom link 1.
Custom Link 1 URL field | The URL for custom link 1.
Custom Link 2 Label field | The label for custom link 2.
Custom Link 2 URL field | The URL for custom link 2.

Step 11
Click Submit.

Login Page Branding

A login page can be configured to display a logo that is associated with a domain name. When the end user logs in from that domain, the user sees the custom logo on the login page. The optimal image size for a logo is 890 pixels wide and 470 pixels high, with 255 pixels allowed for white space. Cisco recommends that you keep the image size small to enable faster downloads.

Note
The group or customer organization login page must first be configured (enabled) for branding.